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CONTEXT ADMINISTRATOR 

Field of the Invention 

The present invention relates to tools for managing and administering the 
management of context in software applications. 

Background of the Invention 

There are many businesses or fields of endeavor, which rely on the use of plural 
desktop computer applications. One such field is the modern practice of medicine. In 
such a setting, users quite often find themselves entering and reentering similar 
information over and over. For example, a single user may have to repeat login 
information in plural applications, followed by the same or similar client information. 
Such information, that defines the environment in which each application operates is 
known as context. That is, context is a collection of data items arid corresponding 
values, wherein the items represent information required in common between plural 
applications in an industry or business setting. For example, in health care, a patient 
identifier (patient ID) is an item which is part of the context in which plural clinical 
applications may participate, or share. 

In the modern practice of medicine, a physician or other professional or staff 
member may need to store, retrieve, analyze, etc. various types of patient data. The 
patient data to be processed may be clinical; e.g. x-ray images or blood work results, or 
may be financial, e.g. insurance cover and billing history. Thus, clinical applications, 
such as those to store, retrieve and display x-ray images and those to store, retrieve and 
display blood work results have inputs and outputs which fall into two broad classes: 
highly specialized, work product specific I/O; and more general, context-related I/O. 

The desirability of managing context information, so that a user at a workstation 
need not reenter information such as user identification (user ID) or patient identification 
(patient ID) has long been recognized. 

A standard known as Health Level Seven Context Management Specification 
Version CM-1.1 was promulgated by the Health Level Seven (HL7) Clinical Context 
Object Workgroup (CCOW) on November 6, 1 999, incorporated herein in its entirety by 
reference, to define an interface and other architectural definitions of a Context 
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Management Architecture (CMA), whereby clinical applications interact with a Context 
Manager to manage context information across a range of clinical and other health care 
related applications. 

At this time, there are no other known, comprehensive context management 

5 software packages available. Some small steps have been taken for example to share 
context amongst one publisher's own titles, using proprietary methods absent a context 
manager, or to permit a user to sign onto a single application which transfers user context 
to plural other applications. However, no context manager handling both user and 
patient context is known, much less a complete system with central administration of the 

10 context management process. 

Summary of the Invention 

What is desired is a context administrator and method which solves the problems 
associated with settings using plural, unrelated software applications to process data 

15 related to a common context. 

As discussed above, context is a collection of data items and corresponding 
values, wherein the items represent information required in common between plural 
applications in an industry or business setting. For example, in health care, a patient 
identifier (patient ID) is an item whi ch is part of the context in which plural clinical 

20 applications may participate, or share. The data items comprising context are organized 
into subjects. For example, subjects defined by HL7 CCOW CM- 11 include User, 
Patient and Encounter. In accordance with some aspects of the invention, a subject 
definition is a data structure including the following parts: 

• Name (The Name must be correctly formatted per the CM-1.1 standard because 

25 attempting set the context data for an unknown subject is invalid and enforced by the 

context manager, as specified by the CM-1.1 standard.) 

• IsSecure (If true, IsSecure indicates that only applications specifically configured to 
be participants to that subject can get the subjects context data. Additionally, some 
applications can be identified as "trusted," meaning that they can change the 

30 subject's context data, as specified by the CM-1.1 standard.) 

• List of Applications (The List of Applications identifies those configured for the 
subject and which pries are * 'trusted*'.) 
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• List of Correctly Formatted Item Names for the Subject (This List gives the names of 
the fields that the subject is allowed to contain. Each name must be correctly 
formatted per the CM-1 . 1 standard. Each item name may be one defined in the 
standard or it may be formatted as a custom item name, where the format is per the 

5 CM- 1.1 standard.) 

• List of Dependent Subjects (One subject may be dependent on another, meaning that 
if the dependent subject's context is changed, this subject's context data is cleared, as 
specified in the CM- 1.1 standard.) 

On the subject of Dependent Subjects, the CM-1 .1 standard has the following 
10 remarks: 

For simplicity, it is generally desirable that there not be any semantic 
dependencies between context subjects. This enables an application to set a 
context subject without concern for the other available subjects, 

With this assumption, it is possible for an application to independently 
15 set the context data items for just one subject, some, or all subjects during the 

course of a single context change transaction; A context subject whose items 
have not been set by the application shall remain as it was prior to the 
transaction. 

However, in certain cases it is necessary to define and enforce semantic 
20 inter-dependencies between context subjects. The only inter-dependencies that 

shall be defined and enforced are those that stipulate that a specific set of 
additional subjects that must be set each time a particular subject is set. 

For example, whenever subject X is set by an application, the 
application must also set subject Y. These dependencies shall be enforced by 
25 the context manager. This notion of subject inter-dependency also necessitates 

an additional assertion, which is that if setting X requires that Y also be set, 
then whenever Y is set and X is not set, the value for X shall not be post-filled 
by the context manager. Instead, it shall appear after the context changed 
transaction as though X is empty. 
30 The inter-dependencies for standard subjects are documented in the 

document Health Level-Seven Standard Context Management Specification, 
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Subject Data Definitions. [Ed. Note: the referenced document is part of the 
CM-1.1 standard.] 

Inter-dependencies for custom subjects may be stipulated by the 
organization that defines the custom subject. A custom subject may be 
5 dependent upon any other subject. However, a custom subject may not require 

that a standard subject, or a custom subject defined by another organization, be 
dependent upon it. In other words, custom subject X can not assert that it must 
always be set whenever standard subject Y is set. 

As used herein, context management is a process of storing, retrieving, modifying 
10 and communicating context information between a user and one or more applications, or 
between the plural applications used in a particular setting. For example, in health care, 
when a doctor switches from a heart monitor application to a blood analysis application, 
die patient ID need not be reentered if context management has been implemented. As 
used herein, context administration is a process of storing, retrieving, modifying and 
15 communicating information by which a context management system is controlled or 

supervised. A single context administrator may supervise multiple context managers or 
may supervise only one context manager. 

According to one aspect of the invention, there is a method of administering a 
context management system, comprising configuring a subject data definition. The 
20 method may further include identifying one or more available context managers to 
administer. Identifying may also further include pinging possible context manager 
addresses to find the available context managers, 

One type of data useful for security purposes is a shared secret. Thus, according 
to this aspect of the invention, the method may include maintaining in a subject data 
25 definition, a list or other means of identifying applications that are allowed to transact on 
that subject. The method may further include storing with each application a value, 
which is a function of, but not equal to a passcode for the application, so that the identity 
of an application desiring to transact on a secure subject can be verified. The method 
may yet further include encrypting the passcode to form the value. Methods embodying 
30 the invention can further include maintaining an inventory of applications whose context 
is managed; and maintaining a map relating users to user identifiers formatted for each 
application in the inventory. When the steps of maintaining are included, the method can 
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also include identifying for each context, which applications share the context. In yet 
another variation, the method can configure communication parameters for the available 
context managers, generate a status report for the system or intervene in a context 
management process. Interventions can include forcing an application out of a context, 
5 canceling a transaction in progress or shutting down a context manager. Methods 

embodying aspects of the invention can include communicating with a context manager 
using a hypertext transport protocol. In some embodiments, the hypertext transport 
' protocol is HTTP 1.1. 

According to other aspects of the invention, embodiments thereof can include a 
1 0 context management and administrative system, comprising a context manager; and an 
administration suite. The administration suite can further include a context 
administrator; and a context server. The context server can further include a passcode 
service; a user-mapping agent (UMA) service; and a lightweight directory access 
protocol (LDAP) service; The LDAP service can further provide a data stdrage module 
15 in which the passcode service stores encrypted passcodes and in wWch me user-mapping 
*~ agent service stores user mapping data. The context server can further include a registry 
in which the context manager is registered. Finally , the context server can further 
include configuration memory holding a common configuration used as a default 
configuration for the context manager.. 

Brief Description of the Drawings 
In the drawings, in which like reference designations indicate like elements: 
Fig. 1 is a schematic block diagram of a system embodying aspects of the 
25 invention; and 

Fig. 2 is an organizational map of one software embodiment of aspects of the 
invention. 

Detailed Description 

30 The invention will be better understood upon reading the following description of 

an embodiment of our mvention in connection wim 

described in connection with the administration of a software system, software 
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components and software architecture for performing context management to 
synchronize a plurality of application programs to a single context. A block diagram of 
the embodiment is given in Fig. 1 . The illustrated embodiment complies with the HL7 
CCOW CM-1 .1 standard. Thus, this embodiment can perform context management in a 
5 health care environment including CM- 1.1 compliant clinical applications. Other 
standards for context management protocols and interfaces may exist, particularly 
outside of health care, for which the present invention is applicable. Regardless of the 
existence of such standards, while the present invention is described in connection with 
an application of the principles thereof to the health care industry, the invention may be 
10 practiced in connection with any industry that relies on plural applications for which 
context can preferably be managed or synchronized. 

The overall architecture of Fig. 1 is now briefly described. 
One or more computer systems, workstations, desktop personal computers (PCs) 
or the like 100 have executing thereon one or more applications 101, e.g., in the health 
15 care field, clinical applications. It is assumed that context management of the 

applications 101 is desired, and that they comply with at least one standard for context 
management protocols and interfaces, e.g., HL7 CCOW CM- 1.1. A context manager 
102, also executing on a computer system, workstation, desktop PC or the like 
communicates with the applications 101 through an interface and using a protocol 
20 defined by standard. The context manager may or may not be executing on the same 
computer system, workstation, desktop PC or the like as the applications, but may 
communicate with the applications through a communications network. In the case of an 
HL7 CCOW CM-1 . 1 compliant system, Microsoft® COM protocol defines one layer of 
the communication protocol. 
25 Administration functions may be remote from the managed computer systems, 

workstations, desktop PCs, etc., for example as an independent software module or 
program resident on a context administration console 103. The console 1 03 
communicates with the system 100 on which the applications 101 reside through a 
channel 1 04 which may pass through an interconnection network, e.g., the Internet, an 
30 intranet, a Local Area Network (LAN), a Wide Area Network (WAN) or the like 105. In 
order to simplify communication through the interconnection network 105, a standard 
printable-character based protocol, such as the Hypertext Transport Protocol (HTTP) 
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may be used. Messages transported by HTTP may be formatted as headers, Hypertext 
Markup Language (HTML) files, Extended Markup Language (XML) files, etc. Other 
protocols and message formats may alternatively be used. A daemon 1 06, resident on 
each of the systems 1 00, translates the protocol used for communication over the 
5 interconnection network (e.g., HTTP) into that used for context management of the 
applications (e.g., COM). The daemon 106 may alternatively be part of the context 
manager 102. 

■ \'. ; A database 107 of context information is mamtainedeimer on the context 
administration console or separately. When a context management installation tool 108 
1 0 is invoked, similar links are established using an administration daemon 1 09 to draw 
current, common context information from the database 107, to set up the context of 
newly installed applications 1 00. This administration function can be performed at other 
times, as well, such as when a stand-alone system is brought into the context managed 
.environment. 

15 Although both the foregoing and the following discussion is given With respect to 

HL7 CCOW CM-1 .1 , HTTP 1 .1 , COM and health care clinical settings in particular, it 
will be apparent from the discussion that the inventors contemplate adaptations of the 
concepts illustrated to other industries and settings, some suggestions for which have 
been given. 

20 For convenience, and without loss of generality, modules, programs and 

machines, particularly machines executing software programs are referred to herein as 
modules. In this document, modules could be function or procedure calls in a software 
program, a program module, a complete program, a machine executing a program or any 
part of a program, and the like, where a module performs a defined portion of the overall 
25 function of the system described. 

It should be noted that the architecture described above appears to assume a 
particular partitioning of the context management and context administration task into 
individual modules, as evidenced by the blocks of Fig. 1. That apparent assumption, of 
course, is that there is a context manager module, a context adinmistrator module and a 
context server module. However, the inventors have found that the context manager and 
context server can be combined in a single module in which the functions are shared in 
such a way as to behave as a single functional block. Alternatively, the context 



30 
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administrator and context server can be combined in a single module in which the 
functions are shared in such a way as to behave as a single functional block. Finally, all 
three separately described functional elements can be combined in a single module in 
which the functions are shared in such a way as to behave ^s a single functional block. 
5 These variations have important implications for the design of the communications and 
user interface portions of the system because communication between more tightly 
coupled functional elements, such as within a module, is easier and more secure than 
between more loosely coupled elements, such as between modules, and because the user 
interface can ultimately be defined using standard elements of a page markup language 
1 0 interpreted by a browser, rather than a proprietary ad hoc interface design. 

A context management and administration system according to a presently 
preferred embodiment of the invention has been implemented using the Microsoft Java 
programming language. The structure of the code is illustrated in Fig. 2. 

A top layer, over all, is the user interface 20Q. This may be implemented using a 
1 5 conventional presentation manager available as a resource in many operating systems, or 
using a markup language such as HTML or the like and HTTP so that it can use a 
standard browser as the display module. Beneath the user interface layer, and tunneling 
through both lower layers is the HTTP, COM, signing and XML communication facility 
201 used by all layers. An inventory facility 202, passcode facility 203 and user 
20 mapping agent facility 204, all described below, exist in the second layer. Finally, the 
third layer embodies the low-level functions of database management 205 , scanning the 
network (pinging) 206 and Lightweight Directory Access Protocol (LDAP) 207, also all 
described below. 

The following description explains the operation of the components of the 
25 architecture described above. 

The context administrator, which is connected to a communication network 
through which it can communicate with other elements of the system, compiles an 
inventory of context managers available to it on the network. The context administrator 
determines whether a context manager is available at each legal network address by 
30 pinging at each address a communication port registered with the Internet Assigned 
Numbers Authority (IANA). When a context manager is configured to respond to 
messages on the registered port, at the address pinged, it responds. The context 
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administrator can then build a database of available context managers. The database can 
be presented to users in a tree form, similar to the tree used in the Windows™ Explorer 
program used to navigate through files and folders on a computer hard disk. 

The inventory can alternatively be built and updated automatically as context 
5 managers join or leave a network. In order to do so, each context manager will register 
itself to the context administrator by transmitting an identifier, for example a DCE 
UUID, "hello" message to the context administrator. The identifier needs to be unique 
within a given network. 

As part of inventory management, a context manager can be removed from 
10 inventory, making it invisible to the context administrator. A context manager manually 
removed by a user of the context administrator then continues to function normally, but 
carmot be configured, etc. by the context administrator. 

Once an inventory of context managers exists, the context administrator can then 
configure the context managers, obtain status from the context managers, perform 
1 5 interventions on the context managers and produce human- or machine-readable outputs 
commuhicating various types of information about the context administration process. It 
is also possible to view a human-readable listing of all operations performed by the 
context administrator. The listing is updated or appended to each time an operation is 
performed. 

Configuring the context managers is a wide-ranging task, defining how a 
particular instance of a context manager behaves, as well as defining site-wide 
information relevant to the operation of all context managers under administration. 
Examples of configuration parameters defining how a particular instance ofa context 
manager behaves include the parameters related to the details of performing a 
transaction, such as timing parameters. Examples of configuration parameters which 
affect an entire site include defining which, applications will join in a particular context, 
passcodes and other security settings, and the subjects defined by the standard, including 
User, Patient and Encounter, required by the standard, and optional customizable 
subjects. 

Configuring the security settings includes defining values in a database 
identifying which subjects are available only through a secure connection. For example, 
User is a secure subject. Defining a subject as secure necessitates that trusted 



20 



25 



30 



' BNSDOCJD: <WO 



WO 00/59286 PCT/US00/09348 

- 10- 

participants be identified, as they can only access the subject, for example for viewing or 
editing, provided they give the passcode identifying them as a trusted participant. In the 
preferred embodiment, a trusted participant is one which will be allowed to edit the 
contents of a secure subject. In the HL7 CCOW CM-1 . 1 standard, User is a secure 
5 subject. 

The contents of a subject are now illustrated by describing the subject, User. The 
subject User is used to configure who the users are within a particular site, for example. 
A user mapping agent identifies each user by a unique, site-wide User Identification 
(User ID). The User ID is linked to the individual login identifiers, such as username 

10 and password, used to obtain access to each individual application. This map of User ID 
to login identifier is housed on the context server module described above. 

Status information which can be obtained by the context administrator can 
include one or more of the version number of each context manager in the inventory, 
which context managers have joined a particular context, what changes have been 

15 processed by each context manager, what changes have been aborted by each context 
manager, etc. Status information can also include a complete record of the current 
configuration of each context manager, so that if a context manager inadvertently 
becomes out of sync with the changes made by tile context administrator, as determined 
by making a status inquiry, that context manager can be brought back into sync. Finally, 

20 status can also include a log of exceptions which may occur from time to time during 

operation. The log may contain the date and time of each event, the severity of the event 
and a message describing the event. 

In some circumstances, intervention in the operation of individual context 
managers may be required. The context administrator module can be configured to force 

25 an application to leave a context, cancel a transaction in progress, remotely shut down an 
aberrantly behaving context manager or remotely restart a context manager. 

According to a preferred embodiment, all outputs of the context administrator can 
be printed, sorted, exported to XML, etc., so as to be available in both human- and 
machine-readable form. 
30 Context changes are effected in the system by means of transactions. In the 

health care field, HL7 CCOW CM-1 .1 defines what constitutes a transaction. According 
to this standard, a secure transaction occurs as follows: 
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This method is similar to ContextData::SetItemYalues. [See CM-l.L] 
The primary difference is that the context participant's digital signature shall be 
provided as the value of the input appSignature when secure subject item 
values are among the items to be set. This signature enables the context 
manager to authenticate that they came from a designated application or from a 
valid secure subject mapping agent, and that the values were riot tampered with 
between the time they were sent and were received. 

A signature is not required when the values for the user subject items 
are null. This enables any application to set the user context to empty. When a 
signature is not provided, the value of the input appSignature shall be an empty 
string 

Concatenating the string representations of the following inputs in the 
order listed shall form the data from which a message digest is computed by 
the participant: 

participantCoupon 

itemNames (i.e., All the elements in the order that they appear in the 
array.) . ; * 

item Values (i.e., All the elements in the order that they appear in the 

array,) 

contextCoupon 

A participant shall compute its digital signature by encrypting the 
message digest with its private key. 

The exception SigriatureRequired is raised if the value of appSignature 
is not a digital signature and a signature is required in order to perform this 
method. 

The exception AuthenticationFailed is raised if a digital signature is 
required and provided, but the process of authentication determines that: the 
application that invoked this method did not previously provide its public key 
via the interface SecureBinding; that the input appSignature has been forged; 
that tiie input parameter values have been tampered with; that the participant 
has not been designated for performing user context changes. 
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We now return to Fig. 1, to discuss how the illustrated architecture provides the 
facility for performing the operations described. 

The context administrator module contains the logic defining the overall 
operation of the system. The actual maintenance and switching of context is performed 

5 by the context manager module. A variety of support functions are provided by the 
context server. For example, the context server may include a passcode service, a user 
mapping agent service and a LDAP service. These services are now discussed. 

The passcode service provides a virtual software vault for the passcodes. 
Passcodes are stored in encrypted form in the LDAP data store accessed by the context 

10 server. Passcodes are not themselves ever transmitted as messages, but rather the context 
manager sends a signed HTTP message to the context server, which checks the signature 
and contents of the message against the stored, encrypted passcode. An MAC 
acknowledgement is returned to the context manager either authorizing or denying the 
request contained in the message. 

15 ^ The user mapping agent provides a similar service with respect to User IDs. A 
request is sent by the context manager for the login identifiers corresponding to a 
particular User ID, and a list of data is returned to the context manager. The context 
manager can then add the login identifiers corresponding to the User ID to the context 
data, in this case for the User subject, where it can be accessed by any application thai 

20 has joined in the current context and that also has access to the User subject, which is 
secure. 

Similarly, if the context administrator sends to the context server an LDAP 
message requesting a change to the passcode list or the map of User ID information, a 
security check is first performed, and then the transaction is either approved or 

25 disapproved. 

The context server could be used to provide other services, as well. For 
example, the context server could provide a registry service, in which each context 
manager is registered. The registry would automate the inventorying process to a greater 
extent, allowing context managers and context servers to perform a handshake when a 

30 new module comes on line on a network, and the context manager to be automatically 
registered. The context administrator could also provide a default configuration service. 
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Each registered context manager could be configured to the default configuration at the 
time it is registered, unless the default configuration is overridden. 

The context server can be implemented as a server appliance. A server appliance 
is a network-connected server that services multiple client computers. Like conventional 
servers, a server appliance receives requests from client computers to perform specific 
tasks. The server performs a task requested and returns back to the client the result of 
performing the task! Unlike conventional servers that provide general purpose platforms 
for a wide range of computing tasks, a server appliance is singular in purpose. A server 
appliance contains specialized software and possibly specialized hardware to enable it to 
achieve its purpose. Thus, a server appliance can be optimized for the specific tasks that 
it is intended to perform, thereby reducing the cost and complexity of the server 
appliance when compared with the cost and complexity of a general purpose server 
configured for the same purpose. 

The context administrator inventories the network by pinging all possible context 
nianager addresses on a port registered with the IAN A, according to one embodiment of 
the invention. The context administrator can be implemented on a Windows'™ 
98/2000/NT machine, and use the Windows™ Networking ping function to perform the 
required scan. Other operating systems such as Unix, Linux and the like, with their 
corresponding networking facilities can also be used. 

According to some embodiments of the invention, communication between the 
context administrator and the context manager can occur using HTTP. However, context 
managers communicate with applications using the COM protocol, as mentioned above. 
Therefore, in these embodiments of the invention, rather than add to the complexity and 
size of the context manager, a software daemon translates between HTTP and COM 
protocols. The context administrator sends signed messages to the context manager in 
HTTP, which are translated by the daemon into signed COM messages. The context 
nianager returns XML messages, which the daemon wraps in HTTP to forward to the 
context administrator. Naturally, other communications protocols can be used, arid even 
the native protocol used by the context manager can be used directly, in variations on 
30 embodiments of the invention. ; 

It should be noted that for security reasons, the daemon is restricted to calling 
only COM objects which are part of the context manager module. Theoretically, an 



20 



25 
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HTTP request could be for any COM object, but that would create a security breach by 
allowing the daemon to be used to gain access to other system components. 

In order to effect proper communication between the context managers and the 
context servers, one configuration parameter set in the context managers is which context 
5 server, of a possible plurality on a given network, should be used. A failover mechanism 
can also be provided which would cause a secondary context server to be used in the 
event a primary context server failed to respond to a message. 

Based upon the foregoing architecture, a new subject is implemented by the 
context administrator as follows. First the subject is defined in the context administrator 
10 by giving it a name and defining its schema. The definition is stored in the repository. 
Next, a user gestures to send out the configuration, causing an HTTP call to the context 
manager, through the daemon, to be sent out. Alternatively, the configuration can be 
stored in a context server in a configuration service, as discussed above, Finally, the 
context manger obtains and stores the new configuration information locally in a text 
15 file. This discussion, of course, assumes that one or more applications controlled by the 
context manager have a priori knowledge of the new subject, thus giving life and 
meaning to the new subject definition. If the subject has been defined to be secure, then 
the application will need a passcode to use the subject. Also, any new subject definition 
must have at least one application capable of setting data in the subject. 
20 In one variation of the invention, the context manager can be embodied in a 

server appliance, as described above in connection with the context server. In such an 
embodiment of the invention, the applications may reside in a different computer, 
workstation, PC, etc. than the context manager appliance, which also may reside in a 
different computer, workstation, PC, etc. than the context administrator. The 
25 components of such a system which reside in different computers, workstations, PCs, 
etc. would be connected to each other through a network, such as a LAN, a WAN, an 
intranet, the Internet, etc. 

In other variations of the invention, the structures and methods described herein 
can be combined with: the context sensitive web casting methods and apparatus 
30 disclosed in U.S. patent application Serial No. 60/135,907, filed May 25, 19?9, 

incorporated herein in its entirety by reference; the context management server appliance 
methods and apparatus disclosed in U.S. patent application Serial No. 60/1 36,670, filed 
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May 28, 1999, incorporated herein in its entirety by reference; the healthcare server 
appliances methods and apparatus disclosed in U.S. patent application Serial No. 
60/1 39,235, filed June 14, 1999, incorporated herein in its entirety by reference; the 
HTTP Post message encoding of COM dispatch interface calls disclosed in U.S. patent 
5 application Serial No. 60/139,145, filed June 14, 1999, incorporated herein in its entirety 
by reference; the application context management methods and apparatus disclosed in 
U.S. patent application Serial No. 60/139,145, filed June 14, 1999, incorporated herein in 
its entirety by reference; and the context management web site methods and apparatus 
disclosed in U.S. patent application Serial No. 60/145,68 1 , filed July 26, 1 999, 

10 incorporated herein in its entirety by reference. This discussion and that contained in the 
referenced patent applications clearly suggest to the skilled artisan how such 
combinations would be made. 

'The invention has now been described and illustrated in connection with one 
embodiment and some variations thereof. Numerous omer variations and modifications 

15 which will now be obvious to the skilled artisan are also contemplated as within the 
scope and spirit of the invention. The scope of the invention is not to be limited by the 
description of embodiments thereof, but only by the ^ scope of the properly construed 
claims which follow. 

What is claimed is: 



BNSDOCID: <w6_l_l__006928aA3_l_> 



WO 00/59286 



PCT/US00/09348 



- 16- 
CLAIMS 

1 . A method of administering a context management system, comprising: 
configuring a subject data definition. 

5 2. The method of claim 1, further comprising: 

identifying one or more available context managers to administer. 

3. The method of claim 2, wherein identifying further comprises: . 
pinging possible context manager addresses to find the available context 

10 managers. 

4. The method of claim 1, further comprising: 

maintaining in a subject data definition, which applications are allowed to access 
the subject 

5. The method of claim 4, further comprising: 

storing with each application a value which is a function of but not equal to a 
passcode for the application. 

20 6. The method of claim 5, further comprising: 
encrypting the passcode to form the value. 

7. The method of claim 1, further comprising: 

maintaining an inventory of applications whose context is managed. 

25 

8. The method of claim 7, further comprising: 

maintaining a map relating User IDs to login identifiers formatted for each 
application in the inventory. 

30 9. The method of claim 2, further comprising: 

configuring communication parameters for the available context managers. 
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10. The method of claim 2, further comprising: 
generating a status report for the system. 

11. The method of claim 2, further comprising: 

5 intervening in a context management process. 

12. The method of claim 1 1, wherein intervening fUrther comprises: 
forcing an application put 

10 13. The method of claim 1 1, wherein intervening further comprises: 
canceling a transaction in progress. 

14. The method of claim 11, wherein intervening further comprises: 
shutting down a context manager. 



15 



20 



15. The method of claim 1, further comprising: 

communicating with a context manager using a hypertext transport protocol. 

1 6. The method of claim 1 5, wherein the hypertext transport protocol is HTTP 1.1. 

17. A context management and administrative system, comprising: 
a context manager; and 

an administration suite. 



25 18. The system of claim 17, wherein the administration suite further comprises: 
a context administrator; and 
a context server. 

19. The system of claim 1 8, wherein the context server further comprises: 
30 a passcode service; 

a user mapping agent (UMA) service; and 

a lightweight directory access protocol (LDAP) service. 
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20. The system of claim 19, wherein the LDAP service further comprises: 

a data storage module in which the passcode service stores encrypted passcodes 
and in which the user mapping agent service stores user-mapping data. 

5 

21. The system of claim 18, wherein the context server further comprises: 
a registry in which the context manager is registered. 

22. The system of claim 1 8, wherein the context server further comprises: 

1 0 configuration memory holding a common configuration used as a default 

configuration for the context manager. 



BNSOOCID: <W O 0O592B6A2 I > 



WO 00/59286 



1/1 



PCTAJSOO/09348 



103 



CONTEXT ADMINISTRATOR 



INSTALL TOOL 



-108 



A it 



HTTP 



LDAP 



v y 



CONTEXT 
SERVER 



PASSCODE 
SERVICE 



UMA 



LDAP 



PASSCODESj 
USER MAP | 



-107 



107- 



HTTP(XML) 



HTTP (SIGNED) 



PING 



105 



HTTP 



Fig. 1 



U ■ .V 



-104 



ADMIN 
DAEMON 



XML 



COM 



CONTEXT 
MANAGER 



COM 



APPLICATIONS 



^-100 
-106 

-102 

--101 



202- 



200 



203 



USER INTERFACE / 


INVENTORY 


HTTP 
COM 
SIGNING 
XML 


PASSCODE 


UMA ~ 


DB 


SCANNING 
(PING) s 


LDAP 



205- 



t 



-204 



-206 ^201 

Fig. 2 

SUBSimrfE SHEEf (RVUE 26) 



-207 



BNSDOCtD: <WO______0059286A2_I_> 



THIS PAGE BLANK (uspto) 



(12) INTERNATIONAL APPLICATION PUBLISHED UNDER TliE PATENT COOPERATION TREATY (PCT) 



(19) World Intellectual Property Organization 
International Bureau 

(43) International Publication Date 
12 October 2000 (12.10.2000) 




PCT 



(10) International Publication Number 

WO 00/59286 A3 



(51) Internationa! Patent Classification 7 : GQ6T 9/44 

(21) International Application Number: PCT/US00/09348 

(22) International Filing Date: 7 April 2000 (07.04.2000) 



(25) Filing Language: 



(26) Publication Language: 



English 



English 



(30) Priority Data: 

60/128,145 7 April 1999 (07.04.1999) US 

60/135,907 25 May 1999(25,05.1999) US 

60/136,670 28 May 1999 (28.05.1999) US 

60/139,235 14 June 1999(14.06 1999) US 

60/139,145 14 June 1999 (14.06.1999) US 

60/145,681 26 July 1999(26.07.1999) US 

60/146,722 2 August 1999 (02.08. 1999) US 

(71) Applicant: SENTILLION, INC. [US/US]; 300 Brick- 
stone Square, Andoyer, MA 01810 (US). 



(72) Inventors: SELIGER, Robert; 10 Sanborn Street, Win- 
chester, MA 01890 (US). SELIGER, Elaine; 10 Sanborn 
Street, Winchester, MA 01890 (US). FUSARI, David; 331 
Riverbend Drive, Groton, MA 01450 (US). 

(74) Agent: ENGELSON, Gary, S.; Wolf, Greenfield & Sacks;, 
P.C., 600 AUantic Avenue, Boston, MA 02210 (US). 

(84) Designated States (regional): European patent (AT, BE, 
CH, CY, DE, DK, ES, FI, FR, GB, GR, IE, IT, LU, MC, 
V. NL, PT» SE). ■ 

Published: . 

— With international search report ; ; 

(88) Date of publication of the international search report: 

5 April 2001 

For two-letter codes and other abbreviations, refer to the "Guid- 
ance Notes on Codes and Abbreviations" appearing at the begin- 
ning of each regular issue of the PCT Gazette. 



(54) title: METHOD AND SYSTEM FOR ADMINISTRATING CONTEXT 



z 



CONTEXT ADMINISTRATOR 



INSTAI1TOOL 



"^—108 



HTTP 



00 
IT) 



1DAP 



HTTPpCMU 



HTTPgtGNEDt 



mo 



CONIEXT 
SERVER: 



f%S$G0DE 



UMA 



L0AP 



|PAS5COO£5| 



USER MAP 



^107 



■i 



HTTP 



AOMIN 
DAEMON 



XML 



COM 



CONTEXT 
MANAGER 



ICOM 



APPLICATIONS 



-KM) 
-106 



-102 



-101 



(57) Abstract: A context management (102) and administration system (103) includes a context manager (102), which manages the 
Q context of plural applications programs (101), and an administration suite (103) which oversees and manages the context manager. 
£^ Context management can include setting up and maintaining subject data definitions, intervening in context manager operations, 
^ providing security functions to protect sensitive context information against tampering by unauthorized users. 



BNSOOCID: <WO_ 



_0059286A3_I_> 



INTERNATIONAL SEARCH REPORT 



intern at Application No 

PCT/US 00/09348 



A. CLASSIFICATION OF SUBJECT MATTER 

IPC 7 G06F9/44 



According to Intemattonal Patent Classification (IPC) orto both national ctassincatton and IPC 



B. FIELDS SEARCHED 



Minimum documentation searched (classification system followed by classification symbols) 

IPC 7 G06F 



Documentation 



searched other than minimum documentation to the extent that such documents are included in the fields searched 



Electronic data base consufled during the intematKH^ seajr^ (nanie of data base and, where practical, search terms used) 



EPO-Internal , INSPEC, COHPENDEX, IBM-TDB 



C. DOCUMENTS CONSIDERED TO BE RELEVANT 



Category • Citation of document with indication, where appropriate, of the relevant passages 



Relevant to claim No. 



CLINICAL CONTEXT WORKING GROUP: "The 
Clinical Context Object Workgroup: Its 
Standard and Methods" 

INTERNET DOCUMENT: CLINICAL CONTEXT OBJECT 

WORKGROUP WHITE PAPER, 'Online! 

16 February 1998 (1998-02-16), XP002154044 

Retrieved from the Internet: 

<URL:http://www. hl7 . org/1 i brary/commi ttees 

/s1gv1/CC0W_wh1te_paper.doc> 

'retrieved on 2000-11-22! 

page 8, line 1 - last line 



1,2,11 



page 10, line 1 -page 23, 11 



3,7,9, 
10,13-18 



ne 4 



-/- 



I HI 



Further documents are listed in the continuation of box C. 



Patent family members are listed in annex, 



° Special categories of cited documents : 

•A* document defining the general state of the art which is not 

considered to be of particular relevance 
*E" earlier document but published on or after the intefnational 

filing date 

•L- document which may throw doubts on priority daim(s) or 
which is cited to establish the pubHcahon date of another 
citation or other special reason (as specif ied) 

•Q» document referring to an oral disclosure, use, exhibition or 
other means 

"P" document published prior to the international filing date but 
later than the priority date claimed 



T* later oxjcument pubfished after the imernational fitow date 
or priority date and not in conflict with the application but 
coed to understand the principle or theory underlying the 
invention 

•X" document of particular relevance; the claimed im^nhon 
cannot be considered novel or cannot be considered to 
involve an inventive step when the document is taken alone 

•Y* document of particular relevance; the claimed invention 

cannot be considered to involve an inventive step when the 
document is combined with one or more other such docu- 
ments, such combination being obvious to a person skilled 
in the art 

oocuineni member of ^ 



Date of the actual completion of the international search 



4 December 2000 



Date of mating of the international search report 

22/12/2000 



I Name and Imaifing address of the ISA 

European Patent Office. P.B. 5818 Paientlaan: 
NL-2280HV Riiswqk 
Tel (+31-70) 940-2040, Tx. 31 651 epo id. 
Fax (+31-70) 340-3016 



Authorized officer 



Ecollvet, S. 



Focm PCT/ISA/210 (second sheet) (Jut/ 1992) 



page 1 of 3 



BNSCOCID: <WO_ 



_O059286A3J_> 



INTERNATIONAL SEARCH REPORT 



Irrterr . . at Application No 

PGT/US 00/09348 



C(Contlnuatlon) DOCUMENTS CONSIOEREO TO BE RELEVANT 

Category * Citation of document, wtth Indication .wfiere appropriate, of the relevant 



Relevant to claim No. 



EP 0 803 808 A (SUN MICROSYSTEMS INC) 
29 October 1997 (1997-10-29) 
abstract 

page 2, line 36 - line 55 
figures 7,8 



9,15-18 



US 5 805 786 A (CHANDRA TUSHAR DEEPAK 
AL) 8 September 1998 (1998-09-08) 
column 1, line 19 - line 40 

line 48 -column 4, line 41 
line 55 -column 5, line 15 
line 50 -column 7, line 38 



ET 



column 3, 
column 4, 
column 6, 
figure 5 



DAVID ADAMS <D. J,ADAMS®S0TH0N.AC.UK>: 
"solstice - access system administration 
tools with a graphical user interface" 
INTERNET DOCUMENT: SOLARIS 2.3 UNIX MAN 
PAGES, 'Online! 1995, XP002154495 
Retrieved from the Internet: 
<URL : http : //www. ntua.gr/cg1 -bi n/man-cgi ?so 
Ist1ce+1M> 'retrieved on 2000-12-01! 
the whole document 

DAVID ADAMS <D . 0 . ADAMS@S0TH0N. AC. UK> : 
"Ipstat - print Information about the 
status of the print service" 
INTERNET DOCUMENT: SOLARIS 2.3 UNIX MAN 
PAGES, 'Online! 1995, XP002154496 
Retrieved from the Internet: 
<URL : http : //www. ntua . gr/cg1 -bi n/man-cg1 ?1 p 
stat+l> 'retrieved on 2000-12-01! 
the whole document 

DAVID ADAMS <D. J. ADAMS@SOTHON.AC.UK>: 
"cancel - cancel print request" 
INTERNET DOCUMENT: SOLARIS 2.3 UNIX MAN 
PA6ES, 'Online! 1995, XP002 154497 
Retrieved from the Internet: 
<URL : http : //www. ntua . gr/cgi -bi n/man-cg1 ?ca 
ncel+l> 'retrieved on 2000-12-01! 
the whole document 

DAVID ADAMS <D. J. ADAMSSSOTHON . AC . UK> : 
"lpshut - stop the LP print service" 
INTERNET DOCUMENT: SOLARIS 2.3 UNIX MAN 
PAGES, 'Online! 1995, XP002154498 
Retrieved from the Internet: 
<URL : http : //www. ntua . gr/cgi -b1 n/man-cg1 ?1 p 
shut+lM> 'retrieved on 2000-12-01! 
the whole document 

-/— 



21,22 

lb 



13 



14 



Fbon FCT7ISA/210 (ctnttnuabon of second sheel) (July 



1002) 



page 2 of 3 



INTERNATIONAL SEARCH REPORT 



Inter? al Application No 

PCT/US 00/09348 



C<Contlnuatlon) DOCUMENTS CONSIDERED tO BE BB.EVANT 



Category • I Citation of document, with indicaUon.where appropriate, of the relevant passages 



Relevant to claim No. 



DAVID ADAMS <D. J.ADAMSSSOT H0N.AC.UK>: 
"Ifconfig - configure network. Interface 
parameters" 

INTERNET DOCUMENT: SOLARIS 2.3 UNIX MAN 

PAGES, 'Online! 1995, XP002154499 

Retrieved from the Internet: 

<URL : http : //www. ntua . gr/cgi-bl n/man-cgl ?1 f 

config+lM> 'retrieved on 2000-12-01! 

page 1, line 21 - line 26 

page 2, line 14 - line 21 

page 3, line 27 - line 39 

page 4, line 8 - line 16 

page 8, line 17 -line 21 

MICHAEL FLEMIN6 GRUBB , ROB CARTER: 
"Single Sign-On and the System 
Administrator" 

INTERNET DOCUMENT: USENIX PROCEEDINGS 
TWELFTH SYSTEMS ADMINISTRATION CONFERENCE 
(LISA'98), 'Online! 
6 - 11 December 1998, XP002154500 
Boston, Mas sachus sets, USA. 
Retrieved from the Internet: 
<URL:http : //www. usenl x .org/publ icat 1 ons/1 1 
brary/proceedl ngs/1 1 sa98/ful 1 jpapers/grubb 
/grubb.pdf> ^retrieved on 2000-11-30! 
the whole document 

DAVID ADAMS <D. J. ADAMSSSOTH0N. AC. UK>: 
"Intro, Intro - Introduction to 
maintenance commands and application 
programs" 

INTERNET DOCUMENT: SOLARIS 2.3 UNIX MAN 
PAGES, 'Online! 1995, XP002154501 
Retrieved from the Internet: 
<URL: http : //www, ntua. gr/cgi-bl n/man-cgl ?1 n 
tro+lM> 'retrieved on 2000-11-29! 



4-6,8, 
19,20 



Form PCT/ISA/210 (continuation ol second sheet) (July 1992) 
BNSDOCI& oii n . oosngBBA3 I > 



page 3 of 3 



; INTERNATIONAL SEARCH REPORT 

muttfln fin naient famllu m«fnkAM 


tnten- <a! Application No 

PCT/US 00/09348 


Patent document 
cited in search report 


Publication 
data 


Patent family ■ 
members) 


Publication 
■date 



EP 0803808 A 29-10^997 US 5734831 A 31-03-1998 



US 5805786 A 08-09-1998 US 5926619 A 20-07-1999 



Form PCTASA7210 (patent lamly annex) pu^ t992) 

BNISDOaCk iWO____LoOS9286A3J_> ' 




THIS PAGE BLANK (uspto) 



